Archive for category Free speech
Today numerous websites are shut down in protest against the SOPA and PIPA bills, including the English version of Wikipedia and WordPress. Google has a call to protest SOPA and PIPA on its English front page. I wrote an article last week about STEF's ideas of introducing similar censorship rules in Iceland, and had not seen any written objections to it until today, when I was pointed to a comment from Ólafur Arnalds, which says:
Now, I am not myself in favour of censorship on the internet, but what an exceptionally ill-informed article this is… YouTube already has such a system in operation, which is run by computer programs, not 1154 employees, and besides, STEF simply has nothing to do with Wikipedia…
Is there really nobody who reviews articles like this before they are published in one of the country's most popular media outlets, for the sole purpose of undermining the work of an organization that is trying to do its best to protect the interests of an entire profession that is under attack?
It is true that STEF has nothing to do with Wikipedia, since the audio samples on Wikimedia Commons only number in the thousands… and STEF getting permission to censor the Internet would of course not lead to comparable calls from all other copyright holders to be allowed to do the same, no no. There is no arms race going on. The film industry would never ask to be allowed to censor the Internet, nor would book publishers. Or would they? I stand by what I said: the self-centredness of copyright organizations has reached new heights.
It is true that YouTube has an “artificial intelligence” that scans over videos a little and looks for certain sets of known, pre-tagged traces of copyrighted material. But any sane person can see that those methods have not been working – they are at best a feeble effort. It is simply impossible to build an artificial intelligence, or anything else, that finds copyright infringements with 100% accuracy, and there is nothing that will change that. I can explain why in theoretical terms if desired; it must be forgiven that within Fréttablaðið's 3000-character space limit there was no room to explain how Turing machines and the Shannon-Nyquist sampling theorem work, let alone that under the TRIPS agreement (which is the foundation of international copyright obligations) there is no registration requirement for copyrighted material and therefore no database to compare against.
The problem with these ideas for laws is that it takes only one disgruntled copyright holder who slipped through the artificial intelligence to put an end to YouTube. And never mind YouTube: Wikipedia does not have such an artificial intelligence, nor does WordPress, nor the vast majority of all websites in the world.
This cannot be done. It is that simple.
As for them trying to protect the interests of an entire profession that is under attack, I would like to point out that that is complete nonsense. The creative industry now amounts to a little over $2 million billion annually and grows year by year. It is true that record sales have declined, for example, but that is because more people buy individual songs than before, and the total amount has risen. It is also worth pointing out that copyright organizations have been extremely diligent at paying copyright holders very poorly, and at discriminating between them according to which variety of art they practise. It is a strange violation of freedom of association that musicians in Iceland must be in STEF to get paid for the playing of their music on the radio, and that no musician may give websites and radio stations permission not to pay the STEF tax.
It has been shown many times – for example by companies such as Gogoyoko and Spotify – that the right way to protect the interests of people in creative fields is not to curtail human rights or restrict freedom of expression, nor to sue people to pieces. The right way is to offer something *better* – to make it as easy or easier to go the legal route. Most people would pay if it did not cost much more hassle.
Then there is this: it is a basic principle in democratic societies that we do not permit monopoly activity. We even have institutions such as the competition authority to prevent it. But for some reason we have passed laws that grant a monopoly right over the cultural heritage of mankind. I of course agree that people should get paid for their work, but that is an entirely different thing from people getting a monopoly right on their work until 70 years after their death.
(I stumbled onto Demand Progress’s campaign page about SOPA/Protect-IP and found myself writing in the little input box. You should too. Anyway, this little rant is what I wrote in the box. It’s a bit whiny, a bit dreamy, a bit silly, but there’s something about it that I like. Perhaps I should write things in little boxes more often.)
I am not your constituent. I am from the Internet, the space that was created as a side effect of a military research project that your congress funded. Today, the Internet is the backbone of communications, diplomacy and commerce in the world. It has liberated millions of minds from intellectual starvation and with its help millions of bodies have been liberated from physical serfdom.
What makes the Internet special is its ability to bring information to anybody, anywhere, always, regardless of political opinions and special interests. Information is apolitical, as is the Internet. However, that does not mean that the Internet is used by apolitical people and that the information they share is not meaningful to them.
What we’re facing today is a political threat to the stability of the Internet. It is akin to a declaration of war. Except that the Internet is not a developing nation, it is not a physical place which can be bombed for not complying with specific policy decisions. No. The Internet occupies the same space as you do, it permeates every action that humanity takes now. Destroying the Internet would be destroying mankind’s best ever hope for equality and justice. Destroying the Internet would be destroying the most powerful free market ever seen. It would be destroying the values upon which the United States are founded. Destroying it is suicide.
Don’t commit suicide. Don’t invade the Internet with your silly censorship law. It won’t work, but it will force the denizens of the Internet to militarize more heavily, employ sociociphernetic guerrilla tactics against those who would seek to strip us of our right to communicate. It would force us to fight you, and we don’t want to do that, because the Internet is the brainchild of America. For better or worse, we rather like you guys.
Say no to SOPA and Protect-IP. Then, if you’re up for the challenge, ask us – the Internet – how we would protect the material interests of the creative people in the world. You’ll be surprised.
[Warning: I read about this on my cellphone just before stepping on a plane, and wrote it largely on the plane. I didn't have references or resources, nor did I have a chance to talk to various people I'd have liked to. But I'm going to post it like it is anyway, in raw, unedited form. Enjoy. Also note, I am not a lawyer.]
The Italian Wikipedia has started a campaign against a proposed wiretapping law in Italy with the claims that the law, which requires immediate “corrections” pending any complaint from anybody who feels unfairly treated, slandered or libeled, is fundamentally incompatible with the existence of the Italian Wikipedia.
While functionally this is true, in that the existence of open knowledge databases, free press and broadly speaking freedom of expression is fundamentally at odds with a law which requires unarbitrated censorship of opinion, creating effectively a distributed thought police, there are various aspects of the analysis provided on the Italian Wikipedia site which seem slightly too poorly researched for people from such a venerable medium. It is noteworthy though that Wikipedia, as a project, has very rarely taken a specific stand with regard to a particular political argument, but highly fitting that they should choose to do so on a fundamental rights issue like this one.
First off, the claim that the Italian language Wikipedia would need to be shut down. This is not true, as there are millions of Italian speakers outside of Italy who could still use and develop the Italian language Wikipedia if Italy were to go to such extremes. There is a possibility that if such a law were to take effect, there would be a valid reason to block access to Wikipedia from Italy, under the somewhat awkward understanding that access from the country equates to publication in the country – an understanding that the UK has used in libel cases.
However, without having read the proposed Italian law (mostly because I can’t read Italian, but also because I’m on a plane), I do not expect that it contains anything that limits its scope to articles published in the Italian language. If, for example, somebody were to publish an Occitan language newspaper in Piedmont, it would undoubtedly fall under the law. Therefore it’s safe to assume that under this proposed law, any publication would potentially be required to exercise this type of censorship.
So where does that leave the English version of Wikipedia? Or, say, the Pashto version? Is it sufficient for the invocation of the law that somebody in Italy should be able to feel slandered by any given fragment of text? That’s where we come to the next issue, which is jurisdictionality.
Wikipedia is, for better or worse, hosted in the United States. There are a number of proxy caches and database mirrors of various types scattered around the globe, but last time I checked (which was actually a couple of years ago) there were none in Italy. So, can Italian law actually apply to Wikipedia?
There are various answers to this, but the simplest one is that it depends. In Europe, for example, there is a directive on enforcement orders for uncontested claims. It’s unclear how exactly it’d pan out, but it seems that the proposed law doesn’t allow contesting of claims, therefore all claims would by definition be uncontested, and then all EU courts, except those in Denmark, would have a responsibility to enforce court orders that came from Italy based on this. That could affect the proxy caches in France, for example. Denmark and Iceland would be able to reject this under the terms of the Lugano treaty. However, such an action would require that the claim actually be taken to court, which appears to be the thing that this law is designed to try to prevent.
There’s also the question of specific cross-jurisdictional agreements. If, for example, Italy and the United States were to enter into a treaty… well. That’s pure speculation, and could actually amount to anything. Let’s not get lost in fiction.
Apart from that, it would seem that barring any international agreement on the definition of whether laws apply in the country of origin of the communication, or at the receiving end, any actual effects of this law on publications outside of Italy would have to be on a volunteer basis.
Now let’s talk about why even that will never happen.
First, there’s this little thing called the e-Commerce directive (2000/31/EC). It’s the European Union’s more-or-less equivalent for these purposes to §230 of the United States Communications Decency Act. They provide indemnity to Internet hosts that don’t mess with the data being hosted, meaning that unless there’s child pornography, copyright violations, or court orders, more or less that’s it. Too bad. That doesn’t really help things that have print publications… but then again, Wikipedia ain’t. Whole other kettle of fish.
Now. Even in Italy, there is a notion of fundamental rights. These are kind of important, or at least a lot of people seem to think so. The United Nations decided to go for a very broad text that’s nice and powerful but not very enforceable. The Council of Europe on the other hand has a slightly less lofty but much more enforceable human rights convention (ECHR), which has a court. That court doesn’t fuck around when it comes to this kind of thing, although strictly speaking they don’t have the ability to overturn laws, they’re pretty sure to slam this kind of extrajudicial censorship pretty hard.
An organization that does fuck around quite a bit, but has a very nice weapon, is the European Union. In particular, the Treaty of the European Union (TEU), article 7, allows for temporary suspension of a member state from the EU in the case of a reasoned proposal being presented, on the basis of a clear and sustained violation of Human Rights. I can’t remember the exact wording, but I’d say that this bill fits the bill, if you’ll forgive the pun. In fact, if it were to go through, it’d fit the bill even better than the Hungarian Media Law, which several people (including myself) argued earlier this year should’ve been taken on the rounds on TEU art VII. Unfortunately that never happened.
Actually, there’s a historical point there. I’m not going to name people because I didn’t have a chance to check with them, but back in April a group of free speech advocates met in Budapest to discuss the Hungarian Media Law. I wrote about it at the time. Our conclusion was that we needed to put together an action to get TEU article VII invoked against Hungary, because if the kind of totalitarian limitations on free speech were allowed to fester there, the so-called “Orbanization” of Europe would surely continue – it would fester and spread, like totalitarian cancer. Have I mentioned that it sucks to be right?
To be fair, Italy has been on this route for a long time. I have previously written about Legge Alfano and other attempts at establishing similar schemes. They by and large get smacked down in the Italian parliament, or the senate, or in the worst case so far got thwacked by the constitutional court. It’s as if Berlusconi and co don’t get it.
In all likelihood, this isn’t going to get anywhere. It’s going to be yet another annoyance that will further demark the line between the part of the world where free speech is respected, and the part which is controlled by despots. (Both zones are non-contiguous.)
Don’t get me wrong. We do need to fight this, and fight this we will. And we will win.
I’ll refrain from pointing out the irony that the apparently most abhorrent thing about a so-called wiretapping bill is not, in fact, wiretapping.
A recent article on the rise of the Cybersecurity-Industrial complex is spot on in many regards. However, one line in particular struck me as disastrously wrong: “A re-engineered, more secure Internet is likely to be a very different Internet than the open, innovative network we know today. A government that controls information flows is a government that will attack anonymity and constrict free speech.”
This line assumes that a more secure Internet is going to be one with more government control – a grave misunderstanding. For years, technologists at the end of the spectrum which has not been given massive amounts of public money have been crying out for increased security online. The reason for this, they say, is that governments and corporations, not to mention criminals and terrorists, are in fact, on a regular basis, using the lack of structural security to their own ends. Governments attack anonymity and constrict free speech, corporations violate privacy, package people’s identities and sell them off as market research, criminals hijack personal and financial information and use it to extract monetary benefits and get away under borrowed identities, while terrorists, well, it’s not entirely clear what they have to do with cybersecurity at all. Probably not a lot.
What the technologists from the “freedom camp” (for lack of a better name) have been suggesting is introducing technologies such as IPSec on the substrate of the Internet, as will happen with the adoption of IPv6; switching communications to encrypted by default, for example by providing verified SSL certificates at no charge and encouraging the use of HTTPS everywhere; and introducing encryption systems like OTR as default on instant messaging systems, while supporting the further expansion of anonymity networks such as Tor to increase throughput and availability.
Technologists from that camp have also argued against proprietary software on the basis of it being fundamentally less secure; software that nobody can independently inspect the inner workings of is software which is waiting to be exploited.
The same technologists have argued against the consolidation of telecommunications vendors and monopoly situations on those markets, as these infrastructure provision companies are potential points of failure. An Internet which has thousands of ISPs is more resilient to external force and influence, attack and disruption, than an Internet which has a dozen.
It is entirely true that “a government that controls information flows is a government that will attack anonymity and constrict free speech,” but that’s nothing new. What the Cypherpunks and the Cryptoanarchists have been arguing for decades is that the only way to stop third parties from controlling information flows is to adopt a security by design policy on the Internet: that the network itself be fundamentally resilient to inspection and manipulation.
So why hasn’t this happened?
There are umpteen gazillion reasons why this hasn’t happened, and many of them have to do with the forces who are entirely okay with the Internet not becoming more secure: governments, corporations, and to a lesser extent, criminals. All of these actors of course want their own little pockets of the Internet to be impregnable fortresses of cybersecurity, which is why the nascent Cybersecurity-Industrial Complex is doing so well, but none of them is willing to understand, or perhaps capable of understanding, that security on the Internet is an “all or nothing” kind of thing in many regards, as every insecure node on the network is a potential threat.
A little known conspiracy theory I heard was that the adoption of IPv6 has been intentionally held back by the Tier 1 network providers, who operate the largest backbones of the Internet, at the request of government intelligence agencies such as NSA and GCHQ, who worry that the widespread adoption of IPSec would render them unable to intercept and analyse network traffic on a large scale, as they are known to do. This would be a very sensible thing for them to request, but yet I don’t really believe this theory – it assumes malice where stupidity would suffice. It’s a bit of a stretch to imagine nation states voluntarily putting everybody in the world at risk for the purpose of retaining their ability to spy on their neighbors, while it is entirely possible to understand the non-adoption of IPv6 through the fact that it will cost quite a bit of money to do the switchover – a more or less fixed cost regardless of when it is done – and the money pinching telcos are putting it off as long as they can, ignoring the fact that without the IPv6 switchover the Internet will stop growing soon, which itself will cause economic growth to become even more stifled than it already is.
A harder nut to crack is that of HTTPS. In order for HTTPS to work, people need SSL certificates, which, owing to some strange decisions made at Netscape back in the day, are required to be signed by a ranking organisation in a certificate authority hierarchy. These organisations charge money for people to have the privilege of a signature, and for good measure they choose to let the signatures run out once a year, by default. People who make their own SSL certificates and don’t have them signed will have their users scared senseless with intimidating warning messages which are, more often than not, entirely overstated.
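The trust decision described above, reproduced with Go's standard `crypto/x509` verifier as an added example (not code from the original post): a certificate signed by a CA in the client's trust store is accepted, a self-signed one is rejected as coming from an unknown authority until it is imported by hand, and the CA-signed one stops verifying once its one-year lifetime ends. The host name, CA name and dates are constructed.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

const host = "shop.example.test" // constructed sample data, as are the CA name and dates
var issued = time.Date(2011, 8, 1, 0, 0, 0, 0, time.UTC)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// makeCert issues a one-year certificate for cn; a nil parent means self-signed.
func makeCert(cn string, isCA bool, parent *x509.Certificate, parentKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: issued, NotAfter: issued.AddDate(1, 0, 0),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageCertSign,
	}
	if !isCA { // leaf: a server certificate bound to the host name
		tmpl.KeyUsage, tmpl.DNSNames = x509.KeyUsageDigitalSignature, []string{cn}
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey))
	return must(x509.ParseCertificate(der)), key
}

// verdict reports how a client whose trust store holds only `trusted` judges cert at time now.
func verdict(cert, trusted *x509.Certificate, now time.Time) string {
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host, CurrentTime: now})
	var inv x509.CertificateInvalidError
	switch {
	case err == nil:
		return "trusted"
	case errors.As(err, new(x509.UnknownAuthorityError)):
		return "unknown authority"
	case errors.As(err, &inv) && inv.Reason == x509.Expired:
		return "expired"
	}
	return "rejected: " + err.Error()
}

func main() {
	root, rootKey := makeCert("Example Root CA", true, nil, nil) // stands in for a browser-trusted CA
	signed, _ := makeCert(host, false, root, rootKey)
	selfSigned, _ := makeCert(host, false, nil, nil)
	now := issued.AddDate(0, 1, 0)
	fmt.Println("CA-signed:               ", verdict(signed, root, now))
	fmt.Println("self-signed:             ", verdict(selfSigned, root, now))
	fmt.Println("self-signed, imported:   ", verdict(selfSigned, selfSigned, now))
	fmt.Println("CA-signed, after expiry: ", verdict(signed, root, issued.AddDate(1, 0, 1)))
}
```

The self-signed certificate uses the same key type and size as the CA-signed one; the verifier's objection is only that no trusted party vouches for who holds the key.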
There is a market problem here. Certificate authorities make money from signing certificates, so small websites and companies don’t use them. There’s also an ever so slight overhead cost to running everything through encrypted channels, both in terms of bandwidth and computation power, so large companies try to avoid them, because slight overheads add up very quickly to major operational costs when you’re streaming thousands of terabytes of video every minute, for instance. These two things have turned online security into a kind of boutique luxury service, mostly reserved for banks and e-commerce sites, where people will not stand for anything less.
This particular problem can be solved pretty easily. If domain registrars would start bundling basic level signed certificates with domain leases, small websites could use SSL by default. And if they were all doing it, there would be more pressure on larger companies to stop providing insecure connections, which might eventually get them to suck it up and accept the overhead as a baseline operating cost – it’s not like the companies in question are doing badly, and there’s only a handful of them. I look forward to the time when every “http://” has been replaced with a “https://”.
It’s possible to go on forever; there are so many simple fixes that aren’t being commonly used. The Internet doesn’t have to be an insecure place, and what’s more, increasing Internet security is actually one of the major ways in which we can curtail censorship and protect our rights. But on the other hand, no re-engineering is required. Online security can be improved now, at very little cost, because all of these mechanisms are precisely possible because the Internet is open and innovative.
The fact that governments are upping the antes in cybersecurity and feeding yet another something-industrial complex is appalling. It’s a waste of time, it’s a waste of money, and it’s creating more threats than it’s eliminating. I cackle at the irony of governments trying to hire the most anti-authoritarian bunch of people they can find and tasking them with coming up with a new form of authoritarian control structure, because it simply will not work. The only people they’re going to manage to hire to those ends are people who are too dumb to realize that, or too opportunistic to point it out.
The private enterprise side of this, aptly dubbed the Cybersecurity-Industrial complex in the article, is simply a nefarious new scheme under which self-asserted technology specialists are leveraging public funds to protect states against a threat which does not really exist, and moreover intends to do so by not actually fixing the perceived problem, but rather just make a ton of money off holding back the tide. There is no honor amongst consultants.
A more self-interested man than myself might not write an article like this, because, to be fair, these developments are presenting people with my skill set with an abundance of potentially lucrative ventures, as clearly noted by the notable presence of three letter agencies at the DEFCON and Blackhat conferences last week. (Pro tip: if your computer security specialist looks comfortable in a suit and hasn’t told you the things I just did, you’re overpaying him by about 100%.) On the other hand, I’d rather have freedom than money, and this militarisation of the Internet is going to make us less free. That said, if there are any governments out there that are interested in paying me absurd amounts of money to tell them how not to destroy the Internet and improve their security while they’re at it, feel free to drop me a line.